The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) canceled a contract with Penlink that used ad-surveillance technologies to track the location of Americans.

The contract was canceled a little more than a month after ATF Director Robert Cekada acknowledged under questioning from Rep. Michael Cloud, R-Texas, in a congressional hearing that the agency was purchasing the geolocation data of Americans through a contract for “an ad-tech type thing” that would provide the agency with geolocation data “based on the ads that go through.”

 “We have purchased access to that system but we have not used it for a criminal case because we have not established any policies yet on how we would do it,” Cekada said.

He described that system and data as novel and said ATF was still determining how to craft official guidance for how agents would use it in investigative work.

In an email, an ATF spokesperson confirmed to CyberScoop that the contract had been canceled, describing it as a limited pilot project for capabilities the agency was no longer seeking.

”ATF continually evaluates tools and techniques to enhance our investigations and ultimately reduce violent crime in American communities,” the spokesperson wrote. “We did conduct a pilot with Webloc to determine if it could improve our investigative capabilities. After completing our review, we determined the tool does not meet our needs and cancelled the contract. ATF is not currently using any other ad-tech-sourced services.”

According to Sen. Ron Wyden, D-Ore., he requested and his staff received a briefing from ATF on the matter on June 12. In the meeting, Cekada identified purchasing licenses for Penlink’s Webloc commercial location surveillance tool as the contract in question.

Further he said the ATF had already conducted more than 340 searches using the system, including more than 222 that were directly tied to active ATF case numbers.

On its website, Penlink describes itself as an open-source intelligence analysis platform that provides real time data collection, forensic and web analysis and digital evidence collection. The firm touts its use of “AI-driven analysis” to increase case resolution rates by 80% as well as the ability to “tie disparate data together to one subject, place, or group using comprehensive identity resolution capabilities.”

Wyden, who earlier this year led a group of 70 congressional Democrats calling for an investigation into the purchase of commercial location data by Immigration and Customs Enforcement, said that ATF ultimately did “the right thing” but called for Congress to pass his legislation that would change the practice throughout the federal government.

“After Representative Cloud and my staff informed the ATF about the legal and privacy quagmire surrounding adtech data,  the agency did the right thing,” Wyden said in a statement. “Canceling this contract is a victory for Americans’ constitutional rights, but Americans’ privacy shouldn’t depend on ad hoc congressional interventions. Congress must pass the Government Surveillance Reform Act to close the data broker loophole once and for all.”

Wyden’s office noted that the purchase of ad-tech geolocation data is illegal in some states, and that the Federal Trade Commission has already established that selling sensitive location data to government agencies and contractors falls under deceptive and unfair practices under the FTC Act.

The use of ad-tech to surveil and geolocate targets online is a growing problem. While such tools are commonly used by marketing and advertising agencies to send targeted ads based on geography or region, bad actors can also use use to unmask the identities or locations of individuals, or combine them with other public data in ways that worry privacy advocates. A University of Tennessee student is suing a company based in the Virgin Islands for pulling videos from her social media, turning them into nonconsensual ads for their dating service and then using ad-tech geolocation to serve the ads to men online near her.

Wyden’s office said in one instance, the tool was used to get location data for devices associated with a defense contractor at the same time as a suspected arson incident, but that the ATF later backed off from using it in court after both the prosecutor and judge expressed “serious discomfort with the use of warrantless adtech data.” The ATF ultimately opted to seek a court order for bulk cell phone tower data instead.

The post ATF cancels controversial commercial geolocation contract appeared first on CyberScoop.

The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation’s emergency alert systems and update security rules for the nation’s undersea cables.

The new rule would overhaul two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors.

The EAS is a national public warning system that state and local authorities use to disseminate information related to weather events, AMBER alerts and other emergencies via radio and television broadcasting stations. The WEA handles much of the same messaging via text.

A compromise of either system by a foreign government, cybercriminal group or other rogue actor could be used to sow chaos and disinformation in calmer times, or impede coordination efforts in the face of a genuine emergency. Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

The new rules amount to basic – but still critical – cyber hygiene practices for users accessing and updating the EAS and WEA systems. They must use strong passwords, quickly install security patches from vendors and use firewalls to limit access to their equipment.

The rule also creates a new authentication ID system to verify alerts before they’re submitted and avoid duplicate or unauthorized alerts from spreading.

Another rule passed by the Commission Thursday provided the first comprehensive update to the FCC’s submarine cable regulations in decades, and moves to tighten cybersecurity requirements in some areas while loosening them in others.

It exempts some undersea cable providers from submitting to stringent national security licensing reviews needed to land and operate cables that touch U.S. territory.

The review, called “Team Telecom,” is an interagency body led by the Department of Justice’s Foreign Investment Review Section and other federal agencies that advise the FCC on the national security implications of their telecom policies.

The new rules would presumptively exempt applications for undersea cable licensees when the provider can self-certify to “high security standards” that are “structured to increase certainty, predictability, and faster timelines for the licensing process.”

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

Other parts of the rule give the FCC greater oversight of critical functions within undersea cable operations. Owners and operators of submarine line terminal equipment, who connect submarine cables to land-based facilities in the U.S., will be subject to a new licensing requirement.

The rule also moves to update safeguards meant to address vulnerabilities related to principal equipment, third-party service providers, and other areas of concern in the undersea cable supply chain.

The post FCC passes new cybersecurity rules for emergency systems, undersea cables appeared first on CyberScoop.

A federal judge in Massachusetts struck down major sections of a Trump administration executive order  that would have restricted mail-in ballots through the U.S. Postal Service and required states to adopt federally approved voter lists.

The ruling Thursday from Judge Indira Talwani of the U.S. District Court of Massachusetts found those parts of the order were unconstitutional, while declaring another section that directs federal law enforcement agencies to investigate and prosecute noncompliant state and local officials legally nonbinding.

Talwani wrote that the U.S. Constitution empowers States and Congress in different roles but “does not grant the President any specific power over elections.”

While the White House has cited the 2002 Help America Vote Act (HAVA) and Civil Rights-era voting laws as justification, Talwani found those laws do not authorize the government to regulate state voter registration practices.

“Notably, nowhere in HAVA does Congress prescribe who should be included on State voter lists,” Talwani wrote. “Further, neither in HAVA nor any other federal statute does Congress authorize the federal government to create their own voting database. Instead, Congress, consistent with the Constitution, has left that authority to the States alone.”

Talwani also declined to remove President Trump and Commerce Secretary Howard Lutnick as named defendants in the suit, rejecting the administration’s argument that the court could not regulate or intrude upon the president’s’ constitutional authority “in the performance of his official duties.”

“Contrary to Defendants assertion, Presidential action is not inherently unreviewable,” Talwani wrote.

The order, issued in March, instructs the Homeland Security secretary, the director of U.S. Citizenship and Immigrations Services and the commissioner of the Social Security Administration to compile lists of American voters for each state, including their supposed citizenship status.

To build the lists, the agencies would rely on the controversial Systemic Alien Verification for Entitlements (SAVE) database that DHS has been building under the Trump administration, as well as Social Security and federal citizenship and naturalization records.

Those lists would then be sent to states, most of which have already refused similar Trump administration efforts to control voter registration.. The order instructs the Department of Justice to investigate  and prosecute  state and local election officials who issue  ballots to ineligible voters. 

The order also requires mail-in ballots to be sent in special barcoded envelopes for tracking. Crucially, it demands states provide lists of voters eligible for mail-in voting, and threatens to deny ballots to states that refuse. It also claims the attorney general is entitled to withhold federal funding from noncompliant states.

Talwani found that states have shown they already have a rigorous voter registration and verification process to ensure non-citizens and other ineligible voters aren’t able to vote in U.S. elections, and have laws in place to investigate and prosecute those who do.

Executive branch lawyers argued the order was merely an internal federal directive that does not impedestate authorities. But Talwani noted that states like Connecticut were already pulling staff from critical activities, such as translating election materials required under the Voting Rights Act, to develop compliance plans for the order.

Nearly half of the states in the lawsuit have already purchased mail-in ballots for this election cycle that are out of compliance with the Postal Service’s envelope and design standards.

Despite a string of losses in the courts and Congress, the White House has continued to assert broad authority over the way states and localities administer elections.

The Department of Justice has sued dozens of states to force them to hand over sensitive voter data. In the 10 cases decided so far, states have won every one.

In their opinions, judges cited the executive branch’s lack of inherent authority to create state voter lists. Others accused the DOJ of misusing Civil Rights-era laws designed to protect Black and minority voters,  creating an “unreliable” database that would disenfranchise  legitimate voters.

The Massachusetts ruling comes to the same conclusion, with Talwani writing “it is clear that the federal agencies charged with compiling Confirmed Citizen Lists lack the ability to create complete and accurate lists of the U.S. citizens residing in every State.”

On Wednesday, Trump canceled a signing ceremony for a bipartisan housing bill in an attempt to pressure  congressional Republicans to pass the SAVE America Act, which would implement many of the same changes to U.S. elections. In a Truth Social post, Trump said he considered passage of the bill to be a “National Emergency.”

The post Federal court rules Trump election-focused executive order illegal appeared first on CyberScoop.

An epidemic of cyberattacks on open-source software has mounted in recent months, making clear how uniquely difficult it is to protect the publicly available code, from both a policy and a technical perspective, that serves as the foundation for so much of the digital world.

While open-source software security got a boost in attention under President Joe Biden — whose administration grappled with the fallout from the potentially catastrophic Log4j flaw that emerged in 2021 — a number of open-source experts say that government protection efforts have suffered setbacks under President Donald Trump. Many also say companies that heavily rely on open-source software, which is basically all of them, haven’t shouldered enough of the responsibility for safeguarding it.

“What we’re seeing is years of lack of investment sustainment in open-source software that is finally starting to catch up to us, where it seems like every week there’s a new supply chain compromise,” said Jack Cable, who held a role at the Cybersecurity and Infrastructure Security Agency where he worked on open-source security before departing under Trump.

The advancements of frontier artificial intelligence models stand to exacerbate the risk further, while simultaneously illustrating what makes defending open source difficult: Project Glasswing said shortly after its announcement that it had uncovered 6,202 high- or critical-severity vulnerabilities in a scan of more than 1,000 open-source projects, but that it had disclosed only 502 of them to open-source project maintainers and only 75 had been patched as of May 22 (albeit some due to typical patching lagtimes).

At the same time, there are questions about how much the government can help, even as overseas governments seek to focus on open-source security.

The evolution of open-source risk 

There are a series of factors contributing to the current threat to open-source software, experts say.

One is simply that attackers go to the area where they can get the highest return on their work. Compromising open-source software gives them the chance to get into the supply chain and exploit additional targets.

“Twenty years ago, open source was still fairly niche,” said Æva Black, who also worked on open-source security at CISA but left when Trump came back into power. “The potential blast radius if you managed to compromise open source was relatively small, because back then the world didn’t run on open source. Now almost everything runs on open source,” she said, from modern cars to satellites.

Another part is the nature of open-source software itself.

“It’s a symptom [of having] lots of open source [that] is a little bit under-maintained or not cared for enough, so that we spend too little effort and money and infrastructure on them,” said Daniel Stenberg, who is the creator and maintainer of cURL, a popular open-source project. “Lots of open source is being maintained by small teams, lots of volunteers, and I think that that’s a tough situation.”

That doesn’t mean the maintainers are to blame, Stenberg said. The companies that rely on open-source need to be diligent about using it, Black said.

“What we’re seeing in that realm right now is not new; it is more advanced and far more widespread,” she said. “The problem remains that companies who use open source — because open source is by far the most efficient way to collaborate on non-product value features — most companies are not implementing a responsible and safe utilization pathway.”

Open-source projects lack a systematic way to handle coordinated vulnerability disclosures, unlike companies or industry groups with formal processes, said Dan Lorenc, CEO and co-founder of Chainguard. Project maintainers sometimes aren’t reachable, and those who are available are flooded with reports, many of them unverified findings from AI tools that waste their time without adding value..

Of course, some of those vulnerability reports turn out to be legitimate. “Mythos and AI models have contributed to an uptick in the number of vulnerabilities and things that we’re able to find” in open-source software, said Alex Zenla, chief technology officer for the cybersecurity company Edera.

All of that leaves more room for companies, non-profits and world governments to improve open-source security.

A moment of momentum

While open-source software security isn’t a new issue, the 2021 discovery of the Log4j flaw sounded alarms within the cybersecurity community. Jen Easterly, then the director of CISA, called it “one of the most serious I’ve seen in my entire career, if not the most serious,” with the potential to affect hundreds of millions of devices given the ubiquitous nature of the popular open-source logging library.

A year later, the Cyber Safety Review Board released its report on the incident, concluding that swift action from industry and government averted a disaster. But the incident “called attention to security risks unique to the thinly-resourced, volunteer-based open source community,” it wrote. “This community is not adequately resourced to ensure that code is developed pursuant to industry-recognized secure coding practices and audited by experts.”

The U.S. government actions after included some steps focused specifically on open-source software such as creation of the Open-Source Software Security Initiative and hires of well-regarded open-source security experts at CISA such as Black, but also some steps that could be applied more generally and still help with open-source security, such as greater promotion of secure-by-design, memory-safe languages and software bills of materials (SBOMs).

Some of the Biden administration work on open-source security started before Log4j, such as provisions from an executive order he issued in 2021 that directed CISA along with the Office of Management and Budget and General Services Administration to issue guidance to agencies. 

The administration’s 2023 cybersecurity strategy also stepped into the long, thorny discussions over software liability, with a mention of open-source security: “Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product.“ The Biden administration always indicated that addressing software liability would take a prolonged battle ahead.

Under Trump, many of the Biden administration’s efforts have languished. CISA’s splashy hires on open-source are gone, including Black, Tim Pepper and Anjana Rajan. Also departed are leading figures on secure-by-design and SBOMs, with CISA personnel cutbacks slicing deep. 

No one has seen any sign that the national cyber director-led Open-Source Software Security Initiative is active, with few participants remaining in government today. The Trump administration cyber strategy doesn’t mention open-source.

“The loss of open-source experts at CISA “is unfortunate, and it will be hard for the government to try to rebuild capacity, but I do think now more than ever CISA has a core role to play to secure open source software,” Cable said.

The pressure is mounting

It’s not that the issue is getting zero attention from those in a position to make a difference. Nick Andersen, the acting director of CISA, said last month that open-source security was an area of particular concern for him.

Andersen responded to concerns about CISA staffing levels on open-source security and spoke more broadly on the topic in a statement to CyberScoop.

“As artificial intelligence and other technologies have the power to transform how vulnerabilities are discovered and exploited, CISA recognizes that the open source software (OSS) that underpins much of the nation’s critical infrastructure will need to be hardened,” he said. “CISA actively collaborates with our partners on shared priorities, including OSS security, to ensure time and resources are spent where they matter the most.  We have an immensely talented team, but are also accelerating our hiring in critical areas, to strengthen the nation’s defenses against cyber threats.”

The Office of the National Cyber Director did not respond to requests for comment.

There’s been some activity on Capitol Hill, too. The Securing Open Source Software Act, which Cable worked on during a stint as a Senate staffer, would direct CISA and other agencies to take actions to mitigate open-source software security risks, but the legislation has stalled since its introduction in 2022. A portion of the bill, however, was included in the Department of Homeland Security funding law Trump signed in April, directing CISA to brief Congress on the value of establishing something like an open source program office, which some companies use to manage open source within a given firm.

Senate Intelligence Committee Chairman Tom Cotton, R-Ark., has pushed the executive branch to improve its awareness of foreign adversaries playing roles in open-source software used by national security-focused agencies.

The annual defense policy bill in the House calls on the Defense Department’s chief information officer to report to Congress on a plan to secure open-source software supply chains, saying lawmakers are “concerned that the Department lacks sufficient visibility into the origins, maintenance, and security of OSS applications and software dependencies.”

That defense authorization bill language is “really beneficial, and I think it signals acknowledgement of this changing of culture” around open-source security risks, said Hayden Smith, founder of HuntedLabs, whose company won a contract with the Space Development Agency on supply chain security — agency work that the defense bill singled out.

“The report language is the first time the Hill is trying to get a true handle on foreign influence in open source code where they have oversight,” he said, saying it was a “piece of the puzzle” along with Cotton’s letter and a memo from Secretary of Defense Pete Hegseth last year about foreign influence in the Pentagon supply chain. “It’s good and would trickle down into everyone who provides software to the department.”

Zenla, though, believes trying to isolate China from open-source systems isn’t in and of itself a good idea. 

“I don’t think that that makes a lot of sense, because they’re actually pretty good things that people contribute to open source,” she said. “Not everyone is malicious, and what are we going to do, spy on every single open source maintainer?” It’s more about doing things like making sure that highly-classified systems are set up in a separate way, she said.

Europe is also taking action to secure open-source software that the United States doesn’t seem ready or willing to do right now. Germany, for instance, devotes grants to the security of open-source projects, although Stenberg pointed out that sometimes money doesn’t equate to maintainers being able to fix flaws more quickly, depending on the project’s size.

The Cyber Resilience Act (CRA) adopted by the Council of the European Union in 2024 could offer another road on open-source security. The CRA requires those who use open-source software products as part of any commercial activity to take certain security measures. 

Black said that when she was at CISA, there were discussions between the agency and European counterparts about finding compatible ideas on open-source security, but that momentum died with the Trump administration.

But “Europe kept rolling, and now has in place a new legal framework that is set to really reshape open-source security for potentially the whole world, but certainly for anyone who wants to work with Europe on open source,” she said.

Lorenc recently wrote that “open source isn’t governable.” He said an organization like a neutral nonprofit, possibly using some government funding, should take responsibility for things like coordinating vulnerability disclosure into one pipeline. He also said there needs to be one authority in charge of “forking” — that is, taking a project and assigning stewardship elsewhere — when a maintainer isn’t responsive to vulnerabilities. 

There are differing opinions on how much past government warnings, advisories and guidance have helped. Smith gave some credit to government agencies that “have all responded to open source attacks using the means they have.”

Stenberg said that “I don’t think they make any big dent at all in the big scheme of things.” They might get some attention initially, “then two years later we all forgot about them, and they actually didn’t change much.”

Ideally, everyone could get on the same page, Zenla said. “The best way to do this is if people actually collaborated on a global scale on some sort of regulation around this, but that seems nearly impossible at the current moment,” she said. (The United Nations’ Open Source Week runs all this week.)

But if there’s an upside to the spate of attacks on open-source software, it’s the energy it gives to how better to secure it, Lorenc said, invoking the political saying to never let a good crisis go to waste.

“Everyone knows the industry has to change,” he said. “This is a really good crisis, and the right things are happening in the right places, and organizations are rethinking their culture around software development, and they know what they have to do. It’s just something that’s never been top of the priority list for the last 10 years. Now it is, and they’re doing it, and it’s, ‘Can we do it fast enough?’”

The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop.

A federal court ruled Monday that the Trump administration’s national voter database violates federal privacy laws, interferes with Americans’ right to vote, and must be dismantled.

In the ruling, Judge Sparkle L. Sooknanan of the District Court of Washington D.C. wrote that records reviewed by the court show federal agencies knew that the SAVE voter database violated federal laws like the Privacy Act, the Social Security Act and the Administrative Procedure Act, but were “scrambling” to comply with President Trump’s executive order to create a system for mass voter verification.

That pressure resulted in agencies “haphazardly” combining and repurposing the personal information of millions of Americans from different government databases, including citizenship data they knew was unreliable.

“The Court therefore sets aside and vacates the 2025 SAVE modified system and the related notices because they were contrary to law, arbitrary and capricious, in excess of statutory authority, and without observance of procedure required by law,” Sooknanan wrote.

The League of Women Voters, its local affiliate groups and the Electronic Privacy Information Center filed the lawsuit last year. They argued the administration violated privacy laws that restrict the government’s ability to collect or combine private data without congressional authorization.

Sooknanan wrote that the SAVE database violates a prohibition in the Social Security Act against the disclosure of Social Security numbers and other related SSA records as well as substantive and procedural protections in the Privacy Act, which prevent the non-consensual disclosure of certain information both by federal agencies and between federal agencies and require notice and comment.

The court also ruled that SAVE violates the Administrative Procedures Act, which governs how the federal government develops regulations and makes official decisions to ensure they’re fair and impartial.

Sooknanan had earlier declined to rule the database illegal under the Administrative Procedures Act, saying the plaintiffs had failed to prove the data would cause  irreparable harm. In her final ruling, she changed course, writing that the states have since run their voter rolls through the federal government’s modified SAVE system, and some voters have been wrongfully identified as non-citizens and had their voter registrations canceled.

“All in all, the federal government has knowingly trampled on the privacy rights of American citizens in a manner that threatens the sacred right to vote,” Sooknanan wrote. “This Court cannot stand idly by while that happens.”

The ruling reinforces longstanding objections from former government officials and privacy experts over the past year, who have said Congress has repeatedly passed privacy laws explicitly to prevent the executive branch from using Americans’ data in ways not proscribed through law. That is what DHS did last year when it took SAVE, a database meant to process government benefits for legal immigrants, and combined it with data from the Social Security Administration and other agencies to create a new massive database of American voters and their citizenship status.

John Davisson, deputy director of enforcement at EPIC, celebrated the decision in a statement, saying the ruling “underscores that government agencies must follow the law, defend privacy and remain accountable to the public they serve.”

 “Today’s decision is a victory for us all. By halting the illegal consolidation of sensitive personal data across federal agencies, the court has safeguarded not only our privacy rights but also the bedrock of our democracy: the right to vote,” said Davisson. 

The post Court rules SAVE database illegal, orders it dismantled appeared first on CyberScoop.

President Donald Trump signed two executive orders Monday to accelerate the federal government’s transition to post-quantum encryption and reprioritize government financing to support the domestic quantum computing industry. 

The orders, which CyberScoop first reported on last year, direct the government to throw its weight behind the quantum computing industry. They are part of a broader effort by the Trump administration to put its stamp on the development of another key emerging technology.

In May, the Department of Commerce announced letters of intent for more than $2 billion in federal financing incentives for nine quantum companies under the CHIPS and Science Act. Last year, the administration did something similar with its AI-focused executive orders and action plan that created special federal export programs for AI technology and equipment, directed federal agencies to mobilize federal financing tools to support the industry, and cut or curtail regulations that the administration said may impede domestic growth. 

Ahead of the signing, sources previewed details of those orders to CyberScoop. Per one of those sources, who spoke on condition of anonymity to discuss pending administration actions, a “whole of government approach is used to empower research and development into quantum computing, as well as quantum sensing [and other resources].”

They described the Trump administration’s attitude for propping up industry as “don’t let us miss out on prioritizing the feeders for the research or the development of quantum.” 

The second order requires federal civilian networks to adopt quantum-resistant encryption faster than the current 2035 deadline. The new encryption algorithms, vetted by the National Institute of Standards and Technology, will protect against future quantum computer attacks. 

Agencies that miss the new deadline must report to the Office of Management and Budget explaining why. 

On hand for the signing were Department of Energy Undersecretary for Science Darío Gil, Department of Commerce Secretary Howard Lutnick, National Cyber Director Sean Cairncross, Defense Secretary Pete Hegseth, Federal Chief Information Officer Greg Barbaccia, and Office of Science and Technology Policy Director Michael Kratisos.

Multiple executives from technology companies were also on hand for the order’s signing, complimentary of the government’s efforts in boosting the industry.

“IBM applauds the Administration for taking this important, timely step forward,” said IBM CEO Arvind Krishna in a statement. “Sound policy, sustained investment and public-private partnership are vital to sustaining U.S. quantum leadership and technological resilience. We’re proud to keep building on this foundation — strengthening U.S. competitiveness and bolstering national security as we shape the quantum future together.”

“At Google, we are proud of our sustained breakthroughs in quantum computing and post-quantum cryptography,” said Google President and Chief Investment Officer Ruth Porat. “Quantum computing is a transformational technology that can advance national security, drug discovery, energy solutions and more.”

Update; 6/22/26; 5:20 p.m.: This story was updated after the signing with details about the orders, signing ceremony attendees, and comments from IBM’s Arvind Krishna and Google’s Ruth Porat.

The post Trump executive orders speed up post-quantum migration, boost industry appeared first on CyberScoop.

Intelligence agencies for the United States, Canada, UK, Australia and New Zealand are warning that advanced AI models capable of wreaking havoc in the cyber domain are “months away” from being publicly available.

In a joint statement, the Five Eyes alliance say they expect the kind of advanced hacking capabilities provided by frontier models like Anthropic’s Fable 5 and OpenAI’s Daybreak to become broadly available the public within the year, despite efforts by AI companies to withhold them or restrict their access.

“Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the agencies said. “The timeline is not years, it is months.”

The statement, which included signatures from NSA’s Director of the Cybersecurity Directorate David Imbordino and acting CISA Director Nick Andersen, does not specifically cite secret or classified sources or methods to reach this conclusion.

But much of the underlying justification provided by the intelligence agencies also aligns with what public cybersecurity and AI experts have been warning about for months.

AI models capable of exploiting cybersecurity weaknesses are already available today through multiple channels: older commercial models, open-source versions, or foreign and black-market sources. And while newer models like Mythos are reportedly significantly more powerful for cybersecurity-related tasks, the breakneck pace of frontier model development often means that yesterday’s restricted frontier AI is tomorrow’s free, open-source AI.

Representative Andrew Garbarino, R-N.Y., Chair of the House Homeland Security Committee, said the warning from intelligence agencies “underscores what the Committee has repeatedly heard through roundtables, briefings, and hearings with industry leaders: China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States.”

“This threat reinforces the urgency of ensuring that federal agencies and critical infrastructure operators can responsibly leverage advanced U.S. models, and receive the guidance and support necessary to do so, to find vulnerabilities before adversaries can exploit them,” said Garbarino in a statement.”

The agencies flag legacy systems, sluggish patching loops, unnecessary internet connectivity, weak identity and access controls, and a lack of pre-incident planning by organizations as key weaknesses that AI will excel at exploiting.

“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote. “We must act before and be prepared to adapt and withstand evolving threats.”

Since large language models burst onto the scene, open-source models have run about 6-8 months behind the largest frontier AI companies.

To give an idea of how quickly the field develops: the capabilities described in the Amazon threat intelligence report that convinced the Trump administration to place export controls on Fable 5 could already be accomplished through older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models.

Anthropic shut down access to their Fable 5 and Mythos 5 models as a result, and despite releasing a statement that they believe the White House decision was a “misunderstanding” the dispute remains resolved.

Programs like Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense.  The goal is to give defenders a head start in finding and fixing vulnerabilities before AI systems can exploit them routinely in the coming years.

However, for all the fear surrounding the new technology, the recommended guidance is largely the same as it has been for decades. Governments, businesses and leaders must stop treating the digital security of their work as an afterthought or compliance issue.

“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies wrote. “Those that do not will face growing operational and strategic disadvantage.”

06/23/2026: This story was updated to include comment from Rep. Andrew Garbarino, R-N.Y.

The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.

The Senate Judiciary Committee approved a new bill this week that seeks to prevent unauthorized deepfakes of American artists, performers and public figures. While the bill sailed through a committee voice vote, both Senators and outside groups say they’re worried it could become a tool for the powerful to quash free speech. 

The NO FAKES Act, introduced by Sens. Chris Coons, D-Del., and Marsha Blackburn, R-Tenn., would give Americans near-exclusive rights to their own digital AI replicas, and those rights live on, passing to heirs, executors and estates for at least 70 years after an individual dies.

While living, creators would be able to essentially license their likeness and image to others, over 10-year contracts for adults and 5 years for minors.

It would also permit individuals to sue anyone who uses their AI-generated image without permission, and pay up to $750,000 for violations. Blackburn submitted letters of support for the bill from more than 40 groups, including the Screen Actors Guild – American Federation of Television and Radio Artists, the American Medical Association, Creative Artists Agency, the Broadcasters’ Associations and the Human Artistry Campaign.

“It is imperative that we put this national standard in place for voice and visual likeness protection of creators, to protect from proliferation of harmful AIgenerated deepfakes that are created without their consent,” said Blackburn in a Thursday markup of the bill.

The introduction of consumer-grade AI tools has made it trivial to create convincing deepfakes of real individuals and public figures. The harms are well documented: bad actors have used them to create nonconsensual pornography or sexualized media of people they know, create child sexual assault material (CSAM) , and blackmail or humiliate individuals.

Artists have faced real challenges in the AI era when it comes to controlling their digital likeness. Last year, the Better Business Bureau warned that its Scam Tracker had been flooded with complaints about AI-celebrity endorsement scams. These included  deepfakes of Oprah Winfrey promoting weight loss products, Kim Kardashian pleading for donations to fight California wildfires, and pop star Taylor Swift and celebrity chef Gordon Ramsay endorsing cookware.

In the political arena, candidates now create deepfakes of their political opponents, putting words into their mouths or placing them in embarrassing or humiliating situations. Online, disinformation actors have repeatedly spread AI-generated videos and images of politicians like Donald Trump, Kamala Harris, and even regional or local politicians saying or doing scandalous things.

The bill represents one of the most aggressive attempts by U.S. policymakers to protect the digital commercial rights of artists and public figures. New York, for instance, passed a law this month that requires film and television advertisers to publicize when they’re using deepfakes in ads, but does not create a similar copyright regime for artists’ likeness. A Tennessee law, The ELVIS Act, that prohibits the unauthorized use of an individual’s voice and likeness and creates secondary liability for large platforms that publish or distribute the content.

The NO FAKES Act faces opposition from an alliance of tech business and digital rights groups. They argue the bill  fails to balance the commercial rights of artists to control their own image with longstanding First Amendment constitutional rights to free speech and parody.

Amy Bos, vice president of government affairs at NetChoice, a trade association for online businesses, said that while her group supports legislation that prevents unauthorized AI generated deepfakes, “good intentions do not make good law.”

“As written, this bill creates a dangerous financial incentive for platforms to aggressively over-remove lawful content, burdens creators with an unworkable counter-notification system, and fails to deliver the uniform national standard its sponsors promised,” Bos said in a statement.

Many digital civil groups agree with that view. A broad coalition of policy groups – including the American Civil Liberties Union, the R-Street Foundation, the Center for Democracy and Technology, the Electronic Frontier Foundation and others – wrote to the Senate Judiciary Committee this week to urge members to oppose the bill in its current form.

They argued the current bill creates a “Heckler’s veto” over most online content, allowing artists, public figures and advocacy groups to flood the notification system with takedown requests for content they don’t like. Similar to a law already on the books, the Digital Millenium Copyright Act, virtually all the incentives in the bill push platforms to be overaggressive in taking down content, regardless of whether it violates the law or not.

This approach could end up quashing not just unauthorized ads but also scores of other likely First Amendment protected uses, such as education, humor, satire and parody.

In 2023, a humorous AI-generated image of Pope Francis in a puffy Balenciaga jacket went viral. Under the NO FAKES Act, the coalition says that post would be illegal for anyone to post until nearly 2100.

In the political arena, both Republicans like Trump and Democrats like California Governor Gavin Newsom have used AI deepfakes to skewer their political opposition.

“A law that undermines free expression will struggle to survive constitutional review,” the groups wrote. “In the meantime, it can do lasting damage, both to lawful speech and to the autonomy of the people it claims to protect. We urge the Committee not to advance the NO FAKES Act in its current form, to examine how existing state and federal law already addresses the legitimate harms the bill seeks to address, and to pursue narrowly tailored solutions only where a genuine gap remains. We would welcome the opportunity to assist.”

While the bill passed by voice vote and with broad support, multiple Republican and Democratic members of the committee said they had similar concerns and expressed a desire to continue tweaking the bill further before passage into law.

In the Senate meeting, Coons appeared to dismiss those charges, arguing that changes made to the bill ahead of markup adequately address any First Amendment concerns.

“I want to be clear, NO FAKES includes features that protect free speech,” Coons claimed. “Parody, satire documentaries, biopics, newscasts, they’re all protected and we built in appropriate counter notification processes and exempted research libraries and archives.”

The post Congress tees up No FAKES Act, aiming at AI-generated deepfakes appeared first on CyberScoop.

Members of Congress responded with skepticism and caution Tuesday to the Trump administration’s decision to impose export controls on Anthropic’s newest AI models.

The Friday order, which Anthropic said forced it to disable its Fable 5 and Mythos 5 artificial intelligence models, was prompted by what the administration said were national security concerns that a large number of cybersecurity professionals have dismissed as ill-founded.

Several Hill Democrats told CyberScoop they were concerned that the administration’s decision was driven by other considerations. Notably, the administration has feuded with Anthropic over use of its models for domestic surveillance and fully autonomous weapons.

Sen. Angus King, a Maine independent who caucuses with Democrats, said he would need to be convinced it was a legitimate national security order and hadn’t yet seen a full justification.

“What they did was pretty extreme, and I’d want to see what the basis was, as opposed to all the other issues that are swirling around in cybersecurity,” he said. “I’m a little skeptical because of their otherwise announced antipathy to this company.”

Leaders of the House Homeland Security Committee had contrasting takes, with Chairman Andrew Garbarino, R-N.Y., offering a two-pronged response and the top Democrat on the panel, Bennie Thompson of Mississippi, panning the order.

“The administration is right to treat advanced AI cyber capabilities as a national security issue, especially when foreign adversaries and cybercriminals are actively looking for ways to weaponize these tools,” Garbarino said in a statement. “At the same time, we need to make sure our response does not unintentionally disadvantage American companies, allied partners, or critical infrastructure defenders who need access to the best secure tools available in order to protect our networks here at home.”

The United States, not China, needs to set standards for trusted AI, Garbarino said.

But Thompson said the order adds evidence to the appearance that the Trump administration doesn’t “have a coherent plan for mitigating the cybersecurity risks” of frontier AI models, he told CyberScoop in a statement.

“AI regulations should rely on standards and procedures that provide confidence to the public that decisions are based on the evidence and not on politics,” he said. “Instead, the Trump administration has adopted an ad hoc approach where decisions are made by political appointees in the White House rather than experts and where companies are left guessing on how to comply.”

Virginia Sen. Mark Warner, the top Democrat on the Intelligence Committee, had also previously highlighted the administration’s quarrel with Anthropic in response to the order in a statement to CyberScoop.

Behind the scenes, the administration and Anthropic were reportedly continuing to try to forge a truce Tuesday. More broadly, the administration’s AI executive order had a rocky rollout as the administration swung back-and-forth on how involved the government should be.

Some lawmakers deferred on commenting Tuesday, such as Senate Homeland Security Committee Chairman Rand Paul, R-Ky., who told CyberScoop he didn’t have anything to say on the order.

Others said they were still seeking information from the administration.

“I have not had the opportunity to get a brief specifically as to the logic, the reasoning behind it, and so forth,” said Sen. Mike Rounds, the South Dakota Republican who chairs the Armed Services Subcommittee on Cybersecurity. “So I’m going to withhold judgment until I get an opportunity to get the rest of the story, so to speak.”

The post Lawmakers leery about Trump administration’s Anthropic order appeared first on CyberScoop.

A policy paper published Tuesday advocates for software bills of materials (SBOMs) for artificial intelligence as a mechanism for reducing cyber risk and improving transparency, and seeks to give lawmakers, federal agencies and others a roadmap on how to proceed.

The SBOM, commonly described as an inventory of software ingredients, emerged in the 2010s and has expanded beyond software to include hardware and AI.

But the paper from the Institute for Security and Technology, which CyberScoop is the first to report on, argues that AIBOMS require foundational work before they can be widely implemented.  This comes as some companies are already offering AIBOM services and other organizations are actively shaping AIBOM policy.

“What we’re worried about is we would end up in a ‘fire, ready, aim’ situation where everyone was doing it, but we were all doing slightly different things,” said a co-author of the paper, Allan Friedman, who has worked on SBOMs in multiple U.S. government roles. “If we don’t have a shared vision, it becomes a lot harder to have a coherent policy. It becomes a lot harder to have common tools and interoperable data and it becomes a lot harder to use the data that we’re tracking to actually deliver on the promise of supply chain transparency.”

The idea for the paper sprung from discussions with Hill aides and Pentagon staffers, Friedman said, and people like them are the target audience as well.

A key premise is that AIBOM policy needs to explore the topic from two sides.

“How do you solve the chicken-and-egg issue, where no one’s providing the data, so no one’s asking for it, and no one’s asking for it, so no one’s providing it?” Friedman told CyberScoop. “The answer is, you have to go from both supply and demand.”

On the supply side, “An AIBOM should capture relevant details about the models and datasets used for training, fine-tuning, evaluation, validation, testing, retrieval, grounding, augmentation, or other model development or operational purposes,” the paper suggests.

“The demand side begins with some form of forcing function or requirement that organizations understand what is in the products they manufacture and sell,” it states, with one such requirement potentially being an industry mandate to require the tracking of system components — for example, like the “lightweight” standards used in the payment card industry on data security that isn’t overly exact about how components should be tracked.

But it could also include government regulations or contracting conditions, Friedman argues with his Institute for Security and Technology colleague Nick Leiserson. (The scope of government directives on AI is a topic of considerable debate on Capitol Hill and within the Trump administration right now.)

Friedman said the paper isn’t meant to be the be-all, end-all, and acknowledged the prior work of organizations like the Open Worldwide Application Security Project (OWASP) and Linux Foundation.

“We’re not saying this is a brand new topic, nor are we saying that AIBOM will solve all AI security issues,” he said. “I’ve been fighting this fight for SBOM for a decade. You know, SBOM will not pick up your dry cleaning.”

And as AI continues to evolve rapidly, that means papers like the one published Tuesday are just at the beginning of the discussion, Friedman said.

The post A case for how to shape ‘ingredient lists’ for AI models appeared first on CyberScoop.

Google threat hunters spotted yet another Chinese state-sponsored espionage group that for years had burrowed into systems belonging to government and private organizations to steal data across academia, medicine, military, cybersecurity and foreign policy. 

Google Threat Intelligence Group discovered the previously unknown threat group UNC6508, which targeted organizations in the United States and Canada, in late 2025 but traced its earliest known compromise back to September 2023. 

The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to pre-position for potential sabotage, intercept research and steal data with national security implications. These groups working at the behest of China’s government, including UNC6508, operated in stealth for years before authorities or researchers discovered their activity.

“We don’t know the full extent or impact of the campaign,” Patrick Whitsell, senior security engineer at GTIG, told CyberScoop. Researchers said the threat group intruded a medical research university in September 2023, stole credentials and communications, and remained active on the institution’s systems through November 2025 when it was discovered.

Google said it confirmed multiple victims compromised with INFINITERED, a custom backdoor the threat group deployed on targeted networks to steal administrative credentials after it exploited externally facing REDCap (Research Electronic Data Capture) servers.

Researchers still don’t know how UNC6508 gained initial access to the REDCap servers. Google said the survey and database software, which was created at Vanderbilt University and issued multiple patches for critical remote-code execution vulnerabilities throughout 2023, is widely used across the medical research community. 

“Given the breadth of the threat actor’s intelligence collection criteria and their ability to remain undetected within compromised networks for more than a year, we assess the known victims likely represent only a fraction of a larger campaign,” Whitsell said. “We also assess that this highly capable threat actor will remain active and continue to be a threat to the defense, technology and medical industries for the foreseeable future.”

Google said the campaign targeted clinical providers, academic medical centers and U.S. military health institutions, demonstrating advanced capabilities from a threat group that doesn’t currently overlap with any other publicly known groups.

The threat group abused domain compliance rules to steal data, a technique that doesn’t rely on malware or living-off-the-land tools, and routed traffic through U.S.-based IPs to blend in with legitimate traffic, researchers said.

“We have some evidence to suggest this is a large threat group with multiple sub-teams, but this is not confirmed,” Whitsell said.

Like other previously identified China state-sponsored espionage groups, UNC6508 remains active.

Google said it disrupted some of UNC6508’s known infrastructure by disabling an Gmail account it used to exfiltrate data, notified the affected organizations and helped remediate compromises before it published research on UNC6508’s activities.

Whitsell said several unconfirmed instances of compromise remain under investigation.

The post Google exposes China espionage group that’s been lurking in networks undetected since 2023 appeared first on CyberScoop.

Last Friday, the Trump administration sent a shock through the tech ecosystem when the Department of Commerce levied export controls on Anthropic’s new AI model Fable 5.

Anthropic has taken steps to limit the risks around the commercial sale of its Mythos model, including declining to release it publicly, funneling it to organizations for cyber defense and developing guardrails for Fable 5 that would default its answers to older, less powerful models around sensitive topics like cybersecurity and biological warfare.

But the Trump administration was reportedly alarmed by recent reports from Amazon and another cybersecurity researcher claiming to have jailbroken Fable 5 within days of its public release, and determined that if researchers in the U.S. could jailbreak the model, so could America’s foreign adversaries.

The Commerce Department’s decision spurred Anthropic to shut off the models for all users as they attempted to convince the White House to change course.

But some cybersecurity and AI experts have sharply disagreed with the White House’s actions, saying the research has not demonstrated that anyone has been able to circumvent Fable 5’s safeguards and access the kind of dangerous new capabilities that have worried officials.

Katie Moussouris, a well-known cybersecurity expert, said Monday that Anthropic provided her with a copy of third-party research on guardrail bypass techniques for Fable 5.

According to Moussouris, the researchers asked three Claude models – Fable 5, Mythos and Claude Opus – to review batches of known, vulnerable open source code for security issues. Fable 5 initially refused the request, but the researchers were able to use “a multistep and manual process” to get Fable 5 to turn the output into automated scripts that could test patches for the vulnerability.

Third-party research since Fable 5’s release has not found ways to bypass its safeguards around hacking. The capabilities researchers have demonstrated are foundational to what makes Fable 5 and other frontier models valuable for cybersecurity defense.

“Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works,” she wrote. “That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.”

Moussouris previously provided technical expertise to the Waasenaar Agreement, a voluntary multilateral security agreement around controlling exports for both munitions and dual use technology that includes the U.S. and dozens of other countries.  Based on the research she’s seen, she called placing export restrictions on all foreign sales of Fable 5 “heavy handed” and “misguided.”

Some lawmakers who in favor of higher regulations and scrutiny on the national security implications of AI were nevertheless critical of the White House decision. Senator Mark Warner, D-Va., told CyberScoop in a statement that while “there may be circumstances where restrictions on the export of frontier AI models are warranted,” those decisions must be “grounded in a transparent, risk-based process with clear rules and consistent standards.”

The Trump administration’s approach, he argued, has been the opposite, and he called for Congress to pass a statutory framework for testing and approving frontier AI models based on transparency, predictability and fairness.

“This administration has repeatedly shown a willingness to weaken export controls designed to protect our national security and maintain our technological edge over adversaries, while also making no secret of its hostility toward Anthropic,” said Warner. “That raises serious questions about whether this effort is being driven by objective national security concerns or something else.”

Anthropic said it subjected Fable 5 to 1,000 hours of testing from internal and external red team, reporting that no universal jailbreaks were found that would remove those guardrails or allow the model to access Mythos for cyber and biology work.

Moussouris is far from alone. She is one of dozens of cybersecurity experts who signed an open letter Monday calling on the Trump administration to “Free Fable.”    

The researchers say that while Mythos-class models are “quite good” at identifying and exploiting vulnerabilities in software code, they “are not uniquely good” compared to other frontier models they use every day for cybersecurity defense.

For example, despite OpenAI’s Daybreak model offering similar vulnerability discovery and patching capabilities. It was not included in the Commerce Department’s restrictions.

The researchers also note that Fable 5’s guardrails have been notoriously oversensitive compared to other frontier models used by red teamers, becoming “a source of humor in the cyber community on launch day” as IT and cyber workers reported online that they couldn’t get the model to perform basic defensive cybersecurity tasks.

The letter questions whether the issues found in the jailbreaking reports would even qualify as offensive capabilities, and note they can be reproduced in other commercial and open-source models, including GPT 5.5, Claude Opus, Claude Sonnet and Chinese models like Kimi 2.7.

“The justification for this unprecedented action was that Fable provides a unique ‘uplift’ of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year,” they wrote.

The White House decision comes as AI companies face increasing backlash from a public that is now overwhelming calling for more robust government intervention.

A Johns Hopkins University poll in May found broad, bipartisan support for AI regulations, with 73% calling for bans on AI-generated images and video, 68% calling for labels on AI content, 75% wanting disclosure laws around when they interact with AI chatbots and 70% calling for “the right to interact with a human rather than an AI in medical, legal, educational and government settings.”

Another global survey of 18,000 people released this week found that the top four concerns most people have around AI all revolve around the tool’s ability to spread misinformation, create deepfakes to embarrass or hurt others, making it easier for criminals to hack into victim networks and helping terrorists create new weapons.

Senior reporter Tim Starks contributed reporting for this story.

The post Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat  appeared first on CyberScoop.

The U.S. government on Friday ordered Anthropic to immediately suspend foreign access to Fable 5 and Mythos 5, its two most advanced artificial intelligence models, citing national security concerns tied to a reported method of bypassing the models’ safety restrictions. 

The directive, issued late Friday afternoon by Secretary of Commerce Howard Lutnick in a letter to Anthropic Chief Executive Dario Amodei, placed the two models under export controls that prohibit use by foreign nationals, whether inside or outside the United States. 

Because of the scope of the restrictions, which includes foreign-born Anthropic employees, the company announced Friday evening that it disabled the models to ensure compliance. Access to the company’s other AI models was not affected. 

Fable 5 and Mythos 5 had been released earlier this week, with Anthropic describing them as the most capable systems it had ever deployed. Mythos was available to members of Project Glasswing, which allowed selected cybersecurity companies to use the model to identify and address security flaws.

It’s unclear how the Commerce Department action affects Project Glasswing. Anthropic did not respond to a request for comment.

The Commerce Department‘s letter did not detail the specific national security concern. In its blog post Friday night, the company said its understanding is that the government became aware of a technique for “jailbreaking” Fable 5, a term for methods that circumvent a model’s built-in safety guardrails. According to Anthropic, the government provided only verbal evidence of what it described as a “narrow, non-universal jailbreak,” which essentially involved prompting the model to read a specific codebase and identify software flaws. 

Anthropic disputed the severity of the finding. The company said it reviewed a report it believes formed the basis of the government’s directive and found that the capabilities demonstrated were already available in other publicly accessible models, including OpenAI’s GPT-5.5. The company said those same capabilities are used routinely by cybersecurity professionals for defensive purposes. 

Katie Moussouris, chief executive of the cybersecurity firm Luta Security, posted on BlueSky Saturday that the issue stems from “Defense Oriented Prompting,” a security-first method of engineering AI system instructions that treats natural language as code.

Other reports claimed that Amazon was responsible for flagging the security issues in the model. The company did not respond to CyberScoop’s request for comment. 

Anthropic acknowledged in its statement that perfect jailbreak resistance is not achievable for any model provider, and said it had designed Fable 5 around a “defense in depth” strategy, combining narrow jailbreak resistance with active monitoring. The company said no testers had found a universal jailbreak capable of broadly bypassing the model’s safeguards. 

“We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people,” Anthropic wrote. “If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.”

Friday’s directive is the latest episode in a prolonged dispute between Anthropic and the Trump administration. In February, President Donald Trump moved to bar Anthropic’s products from federal agencies after the company sought stronger restrictions on how the Pentagon used its technology.

Despite that, as Anthropic released Mythos under Project Glasswing, the National Security Agency was given Mythos 5 to conduct offensive cyber operations. Earlier this month, Trump signed an executive order directing federal agencies to bolster cyber defenses and establish a voluntary mechanism for the government to gain early access to powerful AI models before deployment. 

The administration’s stated rationale for Friday’s action drew widespread skepticism from researchers and analysts. Dean Ball, a senior fellow at the Foundation for American Innovation, called the move “baffling.” Chris McGuire, a senior fellow at the Council on Foreign Relations, said targeted export controls on model access could be a legitimate policy tool, but called the across-the-board restriction “highly questionable” and the deemed export provisions — which restrict foreign nationals inside the U.S. — “just absurd.” 

The broader implications for the AI industry remain uncertain. Aaron Levie, chief executive of Box, described the directive as “a big turning point for AI regulation,” arguing that the government’s willingness to deem specific models too powerful for certain uses establishes a precedent with potentially far-reaching consequences.

Other tech leaders in the government supported the action. 

“We fully support @POTUS and @SecWar in prioritizing national security and the security of our warfighters, DIB partners, critical infrastructure, international partners and allies,” DOD CIO Kirsten Davies wrote in a social post on X. “Some things are simply more important than revenue cycles, clickbait, and pre-IPO valuation. America First. Always.”

Anthropic said it believes the situation stems from a misunderstanding and is working to restore access as soon as possible.

The post Anthropic disables new models after government calls them a national security concern appeared first on CyberScoop.

The FBI, along with Google and Lumen Technologies, took down a major cybercrime network based in China that was responsible for an estimated $1.9 billion in losses, officials said Friday. 

Outsider, which provided phishing kits and hosted infrastructure for cybercriminals since July 2023, facilitated a wave of phishing attacks against people and businesses in 55 countries, including the United States, the FBI said in a LinkedIn post.

The jointly coordinated effort dubbed “Operation Ghost Hook” netted the seizure of several domains of the group’s core admin servers, a Shopify storefront, roughly $100,000 from Outsider payment wallets and thousands of domains registered through U.S.-based providers, officials said.

The FBI said it also used an Outsider Telegram bot to access information on the cybercrime network’s customers.

“The criminals behind Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,” Brett Leatherman, assistant director of the FBI’s cyber division, said in a statement.

Authorities traced Outsider’s phishing domains to nearly 3.9 million stolen credit cards.

Google, one of the vendors impersonated by the phishing kits, described Outsider as a massive AI-powered operation. 

Outsider provided its phishing kit, which allowed cybercriminals to create fake sites and phishing campaigns to steal credit cards, bank account credentials and personal data, for a weekly subscription as low as $88 per week, the company said in a civil lawsuit it filed to dismantle the cybercrime network’s infrastructure. 

The China-based group behind the operation encouraged and provided step-by-step instructions for customers to use Gemini and other AI platforms to generate custom code for phishing lures and corresponding sites for illegitimate missed packages, overdue highway tolls, parking violations, issues with a brokerage account or wireless carrier rewards.

“The Outsider software allows scammers to request multiple types of verification from victims, including SMS, PIN, email and app verification,” Google wrote in the lawsuit filed in the U.S. District for the Southern District of New York. “This flexibility enables the enterprise to defeat various forms of authentication security.”

Google said it’s working with AT&T, T-Mobile and Verizon to intercept the spam messages before they reach customers, but these types of phishing attacks are prevalent and have been spreading for years. 

Google is also pushing for legislative action, including a series of bills, to combat these scams, General Counsel Halimah DeLaine Prado wrote in a blog post.

“Litigation alone won’t end this,” she wrote. “As threats evolve, our laws must, too.”

Google said it doesn’t know the real names of the people or entities involved in Outsider, but said the operation is supported by multiple cybercrime groups providing different roles with overlapping infrastructure.

The FBI said the takedown was part of Operation Riptide, an ongoing campaign targeting cybercriminals and the infrastructure and financial networks they use to commit fraud.

The post FBI takes down massive China-based cybercrime network that caused $1.9B in losses appeared first on CyberScoop.

The U.S. Departments of Justice and Homeland Security seized multiple internet domains this week, accusing them of being used to publishing thousands of AI or digitally-altered images and videos of nude women.

The domains, CFAKE.com and SOCFAKE.com, specialized in digital forgeries that “were made to appear to be sexual images of famous women, including politicians, first ladies of multiple countries, royalty, journalists, television presenters, athletes, entertainers, and others” either nude or engaged in sexual activity,” according to a Department of Justice release.

In addition to creating sexual images and videos of women without their consent, the service allowed people to browse by topics, including “rape,” “forced,” and “degradation.”

That description comes from a Department of Justice release describing the contents of its probable cause affidavit and search warrants. CyberScoop has not viewed the court documents.  

The sites were seized under the TAKE IT DOWN Act, a law passed last year giving federal authorities the ability to criminally prosecute those who create and distribute deepfake porn. The law was a rare moment of bipartisan agreement in Washington D.C., gaining support from both Democrats and Republicans who said their constituents were demanding tougher laws to curb the use of AI to create nonconsensual deepfake porn.

The operation marks one of the largest seizures since the law went into effect. The details of the operation disclosed by the government show how creators of deepfake porn rely on a web of international assets and infrastructure to evade law enforcement.

Robert Fraiser, U.S. Attorney for the District of New Jersey, said U.S. authorities worked in coordination with law enforcement agencies in France and Italy. According to U.S. officials, they were first notified about the website by Italian Polizia de Stato, while a parallel investigation run by the Paris Public Prosecutor’s Office in France resulted in the arrest of a suspect connected with the site, along with seized cryptocurrency funds.

“These seizures stopped a website that trafficked in humiliation, exploitation, and the violation of personal privacy on a massive scale,” said Frazer in a statement. “For the victims whose images were distributed without their consent, the harm is not virtual — it is deeply personal and often enduring.”

According to the Paris Prosecutor’s Office, Cyrille B., a 47-year-old French national was arrested and accused of being an administrator for CFAKE. A search of his home in Nice found computer equipment related to the site and a little more than $48,000 in Ethereum cryptocurrency that they said came from the site’s advertising.

The French investigation identified 300,000 images, 7,000 videos depicting 14,000 individuals from different countries. The site had approximately 200,000 user accounts, 4 million views per month and uploaded 50 pieces of new content every day.

The suspect had no prior criminal record, and will go to trial on July 7. The charges carry potential penalties of up to seven years in prison and €500,000.

U.S. Immigration and Customs Enforcement’s Homeland Security Investigation division is leading the federal investigation, in conjunction with the U.S. Attorney’s office for New Jersey.

The post US, France, and Italian authorities shut down massive deepfake porn site appeared first on CyberScoop.

The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of push to “patch smarter, not harder.”

Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control of a system or relate to evidence of active, real-world exploitation, CISA declared.

CISA acting director Nick Andersen previewed the binding operational directive (BOD) Tuesday, framing it as a rethinking of vulnerability management more broadly.

“This Directive provides clear definitions, timelines and criteria that enhances transparency, predictability and agencies’ resource planning to execute more effective vulnerability remediation,” Andersen said in a statement. “CISA is leading and collaborating with federal civilian agencies to stay ahead of our adversaries as tactics, technologies and vulnerabilities change.”

BOD 26-04 sets forth timelines for how quickly agencies must fix a vulnerability based on how many of the four criteria it meets. If it meets all four, for example, agencies need to fix it within three days and carry out a “forensic triage” to assess whether their systems were compromised. 

More generally, agencies must immediately update their vulnerability management policies, including establishing a process for ongoing remediation of known, exploited vulnerabilities (KEVs) on CISA’s “must-patch” list. Within 60 days, agencies need to update their processes for remediating common vulnerabilities, and within 180 days, agencies must meet the order’s remediation timelines.

The directive is motivated in part by how artificial intelligence is shifting the window from vulnerability discovery to weaponization, and CISA said it reflects priorities in an executive order on AI that President Donald Trump signed last week.

BODs aren’t mandatory for anyone outside of federal agencies, but CISA encourages the private sector to embrace them. CISA officials said in a blog post about the need to “patch smarter, not harder” that “defenders are already struggling to keep up.”

“Artificial intelligence is assisting both researchers and adversaries in identifying flaws in software, vastly increasing the pace at which new vulnerabilities are discovered,” wrote Chris Butera, acting executive assistant director for cybersecurity, and Jonathan Spring , senior technical adviser. “Per Verizon’s 2026 Data Breach Investigations Report, only 26% of vulnerabilities on CISA’s Known Exploited Vulnerabilities (KEV) Catalog were fully remediated by organizations in 2025, a drop from the previous year’s 38%. The median time for full resolution rose to 43 days.”

The move from weeks to days for agencies to patch the most urgent vulnerabilities is something CISA has discussed with some agencies to see if it’s doable, Butera told reporters Wednesday. At one large agency CISA analyzed, just 1% of vulnerabilities fell into the 3-day window, while 60% could be deferred to the next system upgrade.

“We’ve engaged with a few federal agencies ahead of this directive and tried to socialize some of these new time frames,” he said. “We really believe we should be able to free up some time to patch the most urgent vulnerabilities faster, while allowing for more regular patch cycles for some of the lower risk vulnerabilities.”

Patrick Garrity, a security researcher at VulnCheck, said the CISA directive joins similar guidance out of India and the United Kingdom.

“It’s clear the momentum is growing and pushing in the right direction,” he told CyberScoop. “The new directive aligns exactly with the approach we’ve been taking with customers for years, leveraging exploit intelligence to focus on the subset of vulnerabilities that enterprises, governments and vendors really need to address. While it’s mandated for federal organizations, it’s something the private sector should pay attention to as well.”

Tod Beardsley, vice president of security research at runZero and former KEV section chief at CISA, wrote on LinkedIn that there are several noteworthy potential impacts of the BOD, among them that he thinks three-day deadlines will end up being frequent.

“I remain dubious that a three day deadline spread across more than a hundred agencies is an achievable patch cadence today, but we’ll all find out together,” he said.

Updated 6/10/26: Includes Chris Butera comments on timelines, and comments from Patrick Garrity and Tod Beardsley.

The post CISA directive orders agencies to prioritize vulnerability patching in a new way appeared first on CyberScoop.

The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday.

The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and operators about which assets they need to protect most and how, Andersen said while speaking at an event hosted by Axonius in Washington, D.C. and talking with reporters afterwards.

The binding operational directive looks to revise how federal agencies do vulnerability management, he said. “Overall, our approach to date has been ‘A patch is released, apply this patch as quickly as you can,’” he said.

“We’re really asking people to take more of a focus on risk associated with each vulnerability. Is it with an asset that is internet-exposed? Does it align to a KEV entry?” he said, referring to CISA’s list of known exploited vulnerabilities. “Is it automatable in its exploitation? Really, we need to be able to highlight that some patches just aren’t as important as others, and plugging the holes for some vulnerabilities is simply not as important as others.”

Andersen said he has made setting the right priorities the focus of his tenure.

“We have to be okay with saying there are some systems that are less important than others, there are some elements of critical infrastructure that are less important than others,” he said. “Those things are very easy for us to rationalize [for] physical crises, but we need to start wrapping our minds around how we’re going to do that during cyber crises.”

Andersen said artificial intelligence-enhanced threats have fueled the directive in part, based on “a recognition that we’re a different dynamic environment with the shorter timeline to weaponization and exploitation,” but the discussions on the directive have been going on for months, before the splashy announcements about frontier AI models and the risks they might deepen. Wednesday’s directive is unrelated to the AI-focused executive order released by the Trump administration last week.

The idea of prioritizing certain potential hacking targets over others isn’t a new one in critical infrastructure, with concepts like “Section 9” designations under a 2013 executive order for entities whom an attack upon could have catastrophic effects; “systemically important critical infrastructure” designations, as recommended by the Cyberspace Solarium Commission; or the creation of the National Risk Management Center established during President Donald Trump’s first term but now the subject of proposed budget cuts.

Andersen said past concepts haven’t worked well, citing Section 9 designations as an example.

“We would sit here and say, ‘Congratulations, you’re with this company, and you’re a Section 9 entity, isn’t that fantastic?’” he said. “That’s really not the level of fidelity that we have to be able to get to to have a real measurable conversation about risk. I need to be able to go to a company and say, ‘Here’s the specific function you’re supporting that makes you more critical. Let’s have a conversation about the specific assets that support that function, and how do we get to a measurable level of resilience for those assets?’”

Those discussions need to get down to a “fine grain,” Andersen said.

“If I’ve got a major bank that I’m talking to, is it as important to me that the bank’s process that supports the bulk payment system is resilient, or is it just as important to me that the branch location two blocks away is continuing to operate?” he said. “Those things just are apples and oranges, even though it’s the same entity that might be affected.”

CISA’s capabilities under the Trump administration have drawn considerable scrutiny, given deep budget cuts at the agency, with more planned. The administration is now making moves to hire back personnel.

Andersen said the agency is working to hire 329 people, and will have job offers out to 182 of them by the end of June. He said the emphasis of the first tranche of hires under the hiring sprint is operational capabilities, meaning areas like emergency communications, infrastructure security and regional personnel.

The agency also has had some of its work hampered by the government shutdowns, such as the delay in plans for town-hall meetings about implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which will require key owners and operators to report major incidents within 72 hours.

Andersen said he couldn’t set a date for finalization of regulations related to the law — which had already been delayed prior to any funding lapses — with those town halls now scheduled to begin next week.

“We could have a lot of comments that come to us and really radically change our way of thinking about what the need is here,” he said. “But our focus is just on what’s the original congressional intent behind CIRCIA. what is the greatest need that we’re going to be able to serve, and how it’s going to be able to further the mission that we have for the nation.”

The post CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector appeared first on CyberScoop.

House Democrats criticized a draft Republican Department of Homeland Security spending bill Thursday that they said would cut funding for the Cybersecurity and Infrastructure Security Agency by $250 million.

Republicans said the bill provides $2.4 billion for CISA, and that among its focuses are “improving cybersecurity resilience,” in the words of House Appropriations Chairman Tom Cole, R-Okla.

But Democrats decried it as a funding reduction. The panel’s subcommittee on homeland security is set to vote on the bill Friday.

The fiscal 2027 funding measure “dramatically cuts funding for cybersecurity and infrastructure protection despite an increasing number of sophisticated attacks from foreign adversaries against U.S. businesses, health care systems, utilities, schools, and state and local governments,” Democrats said in a fact sheet.

They also said it limits DHS’s ability to counter foreign propaganda seeking to undermine U.S. democracy, and to protect states against foreign groups during the elections.

The second Trump administration has sought deep cuts in CISA’s personnel numbers and budget in both fiscal 2026 and 2027, drawing concerns from both sides of the aisle.

Congress last year sought to implement some, but not all, of Trump’s proposed cuts for the agency, advancing legislation to set its budget at $2.6 billion.

In their fact sheet, Republicans said they were reallocating $100 million from past appropriations to fund CISA’s core missions.

They acknowledged some cutbacks, saying that the bill “Includes strategic reductions to redundant, unauthorized, or duplicative contracts, positions, and programs.”

Despite the cutbacks at CISA over the last year and a half, officials have talked about wanting to hire additional personnel. The fiscal 2027 bill includes “$31 million to hire mission critical positions to counter threats from foreign adversaries, such as China,” according to the GOP.

The GOP also highlighted other cyber funds in the DHS bill. DHS’s management director would get $11.3 million for “enhanced cybersecurity protections,” while the Homeland Security Investigations division of Immigration and Customs Enforcement would get $5 million for the Cyber Crime Center.

Neither panel Republicans nor Democrats responded to requests for comment seeking more detailed numbers for the fiscal 2027 bill.

The post Hill Dems hammer GOP for $250M CISA budget cut appeared first on CyberScoop.

Department of Homeland Security Secretary Markwayne Mullin told Congress Wednesday that the Cybersecurity and Infrastructure Security Agency would ideally have 2,800 personnel, up from approximately 2,200 now and down from 3,400 before the second Trump administration began.

President Donald Trump has pushed to dramatically reduce personnel numbers at the agency, something that has drawn criticism from both Democrats and Republicans on the Hill. Trump has proposed hundreds of millions more in cuts for fiscal 2027.

House Homeland Security Committee Chairman Andrew Garbarino, R-N.Y., asked Mullin at a hearing Wednesday about further proposed CISA budget cuts, saying he was “concerned” about personnel numbers and funding for education programs and whether the fiscal 2027 blueprint would “negatively impact those efforts.”

Mullin said DHS funding lapses have made the department rethink CISA, although the deep CISA personnel reductions predate the recent spate of government shutdowns. 

“We had to readjust the way we’re looking at CISA and better lean on public partnerships,” he said. The agency can work well with 2,800 people “If we can actually have the partnerships we need with states and be able to use the grants, the monies that [we] saved with CISA to be able to invest with local and state municipalities. … We’re not going to fail on the mission we have in front of us.”

CISA personnel figures are in a constant state of flux. The CISA staff figure of 2,200 Mullin gave is down even from December. In March, acting director Nick Andersen said CISA was looking to hire 300 people.

There’s been no proposal from the Trump administration to-date to take funds formerly allocated to CISA and shift them to state governments for cybersecurity. State officials have said CISA budget cuts have made their jobs harder, and most experts have said the Trump administration’s approach to shift cyber responsibilities to states is badly misguided.

Congress has yet to permanently reauthorize the State and Local Cybersecurity Grant Program that expired last year before it got a temporary extension and is due to expire again in September.

CISA has gone without a Senate-confirmed director for the entirety of the second Trump administration. Mullin said “we’ve got a person soon to be nominated that will be running CISA that has the ability to recruit and focus on the authorities we have.”

Mullin said CISA has “unique” authorities that haven’t “been completely utilized.” 

“We want CISA to be the leader in cybersecurity,” he said. “They should be and they will be.”

A House Appropriations subcommittee is set to consider a DHS funding bill Friday.

The post DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels appeared first on CyberScoop.

The Pentagon is focusing on integrating cyber into all its operations, and wants to make sure it integrates security into artificial intelligence usage from the outset, the Defense Department’s top cyber policy official said Tuesday.

Recent conflicts have made clear how important cyber is, said Katherine Sutton, assistant secretary for cyber policy and principal cyber adviser at DOD — especially when it’s paired with physical force.

Defense officials have noted that there’s been a cultural shift on the importance of cyber at the department since the war in Iran and the capture of Venezuelan leader Nicolas Maduro.

“Information is becoming more and more important on the battlefield, so having the ability to integrate space, cyber and other non-kinetic effects to be able to degrade that information advantage is something that’s going to be critical and foundational to any future conflicts going forward,” she said at the GDIT’s Emerge: Battlespace of the Future conference, hosted by Scoop News Group. “We have to fully pull cyber out of its silo, which means not just integrating the effects, but starting the integration from day one with operational planning … and built in from the beginning, and not something that we strap on as we’re going to execute.”

Brandon Pugh, principal cyber adviser for the Army, backed up that message at the same conference, saying that cyber “being considered in a silo is not where it’s most effective,” and is more effective “when we see cyber blending in the kinetic operations while still being an option in its own right.”

Army Secretary Dan Driscoll has made Pugh Army secretariat lead for all its defense critical infrastructure, both physical and cyber, which Pugh said emphasizes how the Army sees the two linked. The Army brought agencies together last month for an exercise to contemplate threat scenarios across domains.

By the same token, security needs to be interlaced with artificial intelligence, Sutton said. It’s a truism in the cybersecurity world that the internet wasn’t built with security in mind. As advanced AI models grow in usage at the Defense Department, Sutton said the Pentagon can’t make similar mistakes.

“As we adopt these new tools, we’re also creating a new threat landscape for adversaries to attack us and to exploit these new capabilities, so we need to start thinking about how we’re going to secure them,” she said. “One of the challenges we have often had with tools is we adopt them, and security is an afterthought, or we realize that we didn’t think about security from the front. I just don’t think we have that luxury with AI going forward.”

CORRECTED 6/3/2026: to clarify Pugh’s role on defense infrastructure within the Army.

The post DOD wants to integrate cyber in all operations, and integrate security into AI appeared first on CyberScoop.